小红伞病毒样本和误报样本上报机制改革!!!增加误报文件专项上报

起点

http://analysis.avira.com/samples/index.php
    最大限制为5M
  带星号项目必须填写
    False positives:    误报文件上报需要选择"False positive suspicion"

    If you think our scanner has detected a clean file by mistake please select "False positive suspicion" from the drop down menu above. Note that suspicious files and false positives need to be uploaded separately.

    Several files at one:

    In case you want to upload several suspicious files at the same time we suggest to use a common archiving software such as WinZIP, WinRAR, PKZip or Arj.


    Submit via email:    怀疑是病毒的需要加密压缩密码为virus

    Alternatively you can send suspicious files via email to virus@avira.com. Please make sure that you compress the files using a packer such as WinZIP, WinRAR, PKZip or Arj.

    Since some email gateways are equipped with antivirus software, you should also give the file(s) a password to prevent them from being unpacked inadvertently. Please make sure that you're using the password "virus".

    Please note that false positives have to be uploaded via web interface and marked as such.
请注意,误报文件上传必须由web页面形式上传并且注明false positives

    Result:

    If the suspicious file contains a new malware which is unknown to us at this point in time we will update our signature database. After that we'll be able to detect and - if technically possible - remove it.


上报结果web显示效果

Suspicious Files and Miscellaneous Uploads

  Thank you for your submission. Below you can see the current status of the uploaded files.
bbs.kpfans.com/avira专区/navigateqd


  We received the following archive files:File ID         Filename         Size (Byte)        Result
  197873         22.rar        20.197        OK

  ------------------------------------------------------------------------------------------------------------------------

  A listing of files contained inside archives alongside their results can be found below:
  File ID                     Filename         Size (Byte)          Result
  ------------------------------------------------------------------------------------------------------------------------
  197874         AdsNT.exe         11.862         MALWARE
  197875         AlxUp.exe         11.264         MALWARE

  ------------------------------------------------------------------------------------------------------------------------

  Please find a detailed report concerning each individual sample below: Filename        Result
  AdsNT.exe         MALWARE


  The file 'AdsNT.exe' has been determined to be 'MALWARE'.
  Our analysts named the threat TR/Click.AX.
  Detection will be added to our virus definition file (VDF) starting with version 6.37.00.158.
  Filename        Result
  AlxUp.exe         MALWARE
  -------------------------------------------------------------------------------------------------------------------------

  The file 'AlxUp.exe' has been determined to be 'MALWARE'.

  Please note that you will receive an email which will contain the results shown above.
  In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

[ 本帖最后由 navigateqd 于 2007-1-27 15:30 编辑 ]

hzq277284

压缩包格式增加了WinRAR……早该如此了

mofunzone

一直就有winrar呀。。
而且一般我不用这个，我用的是另外一个，上报的时候可以写quote，直接写false positive就好了
winrar是肯定就支持了，从我第一天用antivir就用winrar上报，而且我的winrar从来都是最新版本的，包括beta版

起点

原帖由 mofunzone 于 2007-1-27 00:15 发表
一直就有winrar呀。。
而且一般我不用这个，我用的是另外一个，上报的时候可以写quote，直接写false positive就好了
winrar是肯定就支持了，从我第一天用antivir就用winrar上报，而且我的winrar从来都是最新版 ...

难道我发了个火星铁?这个应该是最近两天改版的把,邮件和以前不一样了才发现的

kbsj1234

小红伞误报太多。正规网页也要报！

Oceanzd

我也是最近才知道的。。。以前一直没有给红伞上报过。。。。

hzq277284

以前网页上肯定只写了WinZIP, PKZip 和 Arj三种格式的，所以我一直就用WinZIP包上传的……应该WinRAR本来就能用，且很多人都用，所以他这次干脆也写上去了

增加了误报上传，很好

jimmyleo

恩 收到

新引擎 误报蛮多 系统文件 珊瑚虫QQ……

shardineblog

早就应该这样作了啊。
看来小红伞是越做越好了啊。

起点

原帖由 jimmyleo 于 2007-1-27 10:32 发表
恩 收到

新引擎 误报蛮多 系统文件 珊瑚虫QQ……

系统文件我测试下倒没发现,你应该用的品牌机或本本
到那个页面上报下就好